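Oracle security precautions, Oracle security hardening

Explanation:

PASSWORD_LIFE_TIME: password validity period

The period for which a password may be used (application system accounts are not changed for now).

password_grace_time is the number of days, counted from the first login after your password has expired, during which the system can still be used.

PASSWORD_REUSE_TIME is the minimum interval before a password can be reused, in days. An integer or a fraction may be given, e.g. 1/1440 means 1 minute (for efficiency reasons Oracle does not check every minute; in general there is an error of about 5 minutes, so a value smaller than 1/144 is not very meaningful).

PASSWORD_REUSE_MAX is the minimum number of password changes required before a password can be reused.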

ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 60;

ALTER PROFILE default LIMIT PASSWORD_LOCK_TIME 0.5;

Modify the verification function file provided by Oracle, $ORACLE_HOME/rdbms/admin/utlpwdmg.sql

Change the line IF length(password) < 4 to < 8, and change the final section to

ALTER PROFILE DEFAULT LIMIT
    FAILED_LOGIN_ATTEMPTS 60
    PASSWORD_LOCK_TIME 30/1440
    PASSWORD_VERIFY_FUNCTION verify_function;

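Run start utlpwdmg.sql

After this is set, passwords must contain letters, digits and punctuation (passwords are not case-sensitive), with a minimum length of 8.

The maximum number of failed logins is 60, and the account lock time is 30 minutes.

Verification: OEM -> Security -> Profiles

select * from dba_profiles;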
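The statements above change only the DEFAULT profile, so an account assigned to another profile picks up these limits only where that profile's LIMIT is 'DEFAULT'. The query below is an added example, not part of the original post: it resolves that inheritance and lists the effective password limits per account. It assumes read access to DBA_USERS and DBA_PROFILES; the column aliases and the wording of the findings are illustrative names.

```sql
-- Added example (not from the original post): effective password limits per account.
-- In DBA_PROFILES a LIMIT of 'DEFAULT' means "inherit from the DEFAULT profile",
-- so it is resolved first; 'UNLIMITED' or 'NULL' means the control is switched off.
WITH pw AS (
    SELECT p.profile,
           p.resource_name,
           CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END AS eff_limit
    FROM   dba_profiles p
    JOIN   dba_profiles d
           ON  d.profile       = 'DEFAULT'
           AND d.resource_name = p.resource_name
    WHERE  p.resource_type = 'PASSWORD'
),
per_profile AS (
    -- One row per profile, one column per password limit.
    SELECT profile,
           MAX(CASE WHEN resource_name = 'FAILED_LOGIN_ATTEMPTS'    THEN eff_limit END) AS failed_attempts,
           MAX(CASE WHEN resource_name = 'PASSWORD_LOCK_TIME'       THEN eff_limit END) AS lock_time_days,
           MAX(CASE WHEN resource_name = 'PASSWORD_LIFE_TIME'       THEN eff_limit END) AS life_time_days,
           MAX(CASE WHEN resource_name = 'PASSWORD_GRACE_TIME'      THEN eff_limit END) AS grace_time_days,
           MAX(CASE WHEN resource_name = 'PASSWORD_REUSE_TIME'      THEN eff_limit END) AS reuse_time_days,
           MAX(CASE WHEN resource_name = 'PASSWORD_REUSE_MAX'       THEN eff_limit END) AS reuse_max,
           MAX(CASE WHEN resource_name = 'PASSWORD_VERIFY_FUNCTION' THEN eff_limit END) AS verify_function
    FROM   pw
    GROUP  BY profile
)
SELECT u.username,
       u.account_status,
       u.profile,
       pp.failed_attempts,
       pp.lock_time_days,
       pp.life_time_days,
       pp.grace_time_days,
       pp.reuse_time_days,
       pp.reuse_max,
       pp.verify_function,
       -- Concatenate every gap found; NULL means none of the three applies.
       RTRIM(
           CASE WHEN pp.verify_function = 'NULL'      THEN 'no complexity check; '    END ||
           CASE WHEN pp.failed_attempts = 'UNLIMITED' THEN 'no lockout; '             END ||
           CASE WHEN pp.life_time_days  = 'UNLIMITED' THEN 'password never expires; ' END,
           '; ') AS finding
FROM   dba_users u
JOIN   per_profile pp ON pp.profile = u.profile
ORDER  BY finding NULLS LAST, u.profile, u.username;
```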

Create the verification function:

CREATE OR REPLACE FUNCTION verify_function
(username varchar2,
 password varchar2,
 old_password varchar2)
RETURN boolean IS
   n boolean;
   m integer;
   differ integer;
   isdigit boolean;
   ischar boolean;
   ispunct boolean;
   digitarray varchar2(20);
   punctarray varchar2(25);
   chararray varchar2(52);
BEGIN
   digitarray := '0123456789';
   chararray := 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
   punctarray := '!"#$%&()``*+,-/:;<=>?_';

   -- Check if the password is same as the username
   IF NLS_LOWER(password) = NLS_LOWER(username) THEN
      raise_application_error(-20001, 'Password same as or similar to user');
   END IF;

   -- Check for the minimum length of the password
   IF length(password) < 8 THEN
      raise_application_error(-20002, 'Password length less than 8');
   END IF;

   -- Check if the password is too simple. A dictionary of words may be
   -- maintained and a check may be made so as not to allow the words
   -- that are too simple for the password.
   IF NLS_LOWER(password) IN ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN
      raise_application_error(-20002, 'Password too simple');
   END IF;

   -- Check if the password contains at least one letter, one digit and one
   -- punctuation mark.
   -- 1. Check for the digit
   isdigit := FALSE;
   m := length(password);
   FOR i IN 1..10 LOOP
      FOR j IN 1..m LOOP
         IF substr(password,j,1) = substr(digitarray,i,1) THEN
            isdigit := TRUE;
            GOTO findchar;
         END IF;
      END LOOP;
   END LOOP;
   IF isdigit = FALSE THEN
      raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
   END IF;

   -- 2. Check for the character
   <<findchar>>
   ischar := FALSE;
   FOR i IN 1..length(chararray) LOOP
      FOR j IN 1..m LOOP
         IF substr(password,j,1) = substr(chararray,i,1) THEN
            ischar := TRUE;
            GOTO findpunct;
         END IF;
      END LOOP;
   END LOOP;
   IF ischar = FALSE THEN
      raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
   END IF;

   -- 3. Check for the punctuation
   <<findpunct>>
   ispunct := FALSE;
   FOR i IN 1..length(punctarray) LOOP
      FOR j IN 1..m LOOP
         IF substr(password,j,1) = substr(punctarray,i,1) THEN
            ispunct := TRUE;
            GOTO endsearch;
         END IF;
      END LOOP;
   END LOOP;
   IF ispunct = FALSE THEN
      raise_application_error(-20003, 'Password should contain at least one digit, one character and one punctuation');
   END IF;

   <<endsearch>>
   -- Check if the password differs from the previous password by at least
   -- 3 letters
   IF old_password IS NOT NULL THEN
      differ := length(old_password) - length(password);
      IF abs(differ) < 3 THEN
         -- Compare position by position over the shorter of the two passwords
         IF length(password) < length(old_password) THEN
            m := length(password);
         ELSE
            m := length(old_password);
         END IF;
         differ := abs(differ);
         FOR i IN 1..m LOOP
            IF substr(password,i,1) != substr(old_password,i,1) THEN
               differ := differ + 1;
            END IF;
         END LOOP;
         IF differ < 3 THEN
            raise_application_error(-20004, 'Password should differ by at least 3 characters');
         END IF;
      END IF;
   END IF;

   -- Everything is fine; return TRUE ;
   RETURN(TRUE);
END;
/

ALTER PROFILE DEFAULT LIMIT
    FAILED_LOGIN_ATTEMPTS 60
    PASSWORD_LOCK_TIME 30/1440
    PASSWORD_VERIFY_FUNCTION verify_function;
